STIGQter: STIG Summary: Layer 2 Switch Security Requirements Guide, Version: 1, Release: 6, Benchmark Date: 24 Jan 2020

The layer 2 switch must manage excess bandwidth to limit the effects of packet flooding types of denial of service (DoS) attacks.

DISA Rule

SV-76653r1_rule

Vulnerability Number

V-62163

Group Title

SRG-NET-000193

Rule Version

SRG-NET-000193-L2S-000020

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement a QoS policy for traffic prioritization and bandwidth reservation. This policy must enforce the traffic priorities specified by the Combatant Commanders/Services/Agencies.

Check Contents

Review the switch configuration to verify that QoS has been enabled to ensure that sufficient capacity is available for mission-critical traffic such as voice and to enforce the traffic priorities specified by the Combatant Commanders/Services/Agencies.

If the switch is not configured to implement a QoS policy, this is a finding.

Documentable

False

Severity Override Guidance

Review the switch configuration to verify that QoS has been enabled to ensure that sufficient capacity is available for mission-critical traffic such as voice and to enforce the traffic priorities specified by the Combatant Commanders/Services/Agencies.

If the switch is not configured to implement a QoS policy, this is a finding.

Check Content Reference

M

Target Key

2917
